IOC Radar
IP · Medium · Signal 100/100

218.108.103.219

Location: Hangzhou, ZJ, China
ASN: AS24139 (Wasu BB)
First Seen: Jan 24, 2024 (868d ago)
Last Seen: Feb 16, 2026 (114d ago)
Reports: 10 source reports
Confidence: 99% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

31 techniques

Network Information

Country: CN (China)
Region: Hangzhou, ZJ
ASN: AS24139
Organization: Wasu BB

Feed Intelligence Summary

10 source reports · 99% confidence score
Category tags
abuse, access control, active scanning, asia, attack, botnet, brute force, brute force attack, brute force attempt, china, cn, command and control, communication protocol, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, ddos attacks, decoy system, distributed attacks, indicator, infrastructure acquisitionreconnaissance, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, login, malicious activity, malicious network activity, malicious software, malware, manual, mirai botnet, network, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, password attacks, phishing attack, process injection, protocol exploitation, reconnaissance, researched, scan, scanner, security policy, sftp attack, social engineering, socradar honeypot, ssh attack, ssh monitoring, t1021.002, t1040, t1041, t1046, t1055, t1056.001, t1059.001, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp/23, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention

Activity Timeline

1 total obs · Feb 16

Threat Activity Heatmap

Peak: 2026-02-16
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 10
First seen: Jan 24, 2024
Last seen: Feb 16, 2026
Geolocation: CN
Country: China
Location: Hangzhou, ZJ
ASN: AS24139
Org: Wasu BB
Coords: 30.2994, 120.1612

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 218.108.103.0 - 218.108.103.255
netname: WASU-BB
country: CN
descr: WASU-BB
admin-c: xw49-AP
tech-c: xw49-AP
status: ASSIGNED NON-PORTABLE
remarks: ****************************************************
remarks: * please report spam/abuse to [email protected] *
remarks: * reports to other addresses will not be processed *
remarks: ****************************************************
mnt-by: MAINT-CN-WASU
last-modified: 2008-09-04T06:57:21Z
source: APNIC

person: Kelly Xue
nic-hdl: XW49-AP
e-mail: [email protected]
address: Gudang Scientific and Economic Park ,No.398
address: Tian Mu Shan Roa, Hangzhou, Zhejiang, P.R.C
phone: +86-571-56808888-8145
fax-no: +86-571-56800004
country: CN
mnt-by: MAINT-CN-WASU
last-modified: 2015-04-07T07:12:01Z
source: APNIC
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 2 years ago · Last seen 3 months ago
Appeared in 10 threat reports